Re: IKE failed to find valid machine certificate (Error 786)
From: Tony Ashlee (anonymous_at_discussions.microsoft.com)
Date: 05/17/04
Date: Mon, 17 May 2004 13:56:04 -0700
Thanks for your reply.
The computers are auto enrolled for their certificate. When I go to the local computer's personal store, the certificate properties are as you describe.
The part I'm not clear on is when checking from the CA. Using the CA Snap-in, I see the computer listed under Issued Certificates.
When looking at the CA Local Certificates, that computer (the computer that runs the CA) has its own certificate in the personal store.
I'm a little unclear about this part you wrote:
"Download a CA certificate - installs the certificate.cer in your trusted
root store."
In the client's Trusted Root Certification Authorities it shows the CA. Is this what this means? Its properties are -All Issuance of policies and -All application policies.
----- Sharoon Shetty K wrote: -----
Hi Tony,
Have you installed the certificates in the Local computer account?
If you go to the Personal store of the certificates in the Local Computer,
can you see the certificates? If you open the certificate, it should have
details like
Purpose: Proves your identity to a remote computer
You have a private key that corresponds to this certificate.
The above details indicate that a certificate.pfx has been installed in the
personal store.
Now in the Trusted Root Store the certificate would not have the above
information.
When you install the certificate from your CA,
Request a certificate - installs certificate.pfx in your personal store
Download a CA certificate - installs the certificate.cer in your trusted
root store.
Thanks,
Sharoon
---------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
"Tony Ashlee" <oxalis55@pacbell.net> wrote in message
news:87EF0ADE-E6EA-4187-AAE7-C743494840C8@microsoft.com...
> I have an Enterprise CA installed on the same server as our RAS server. My computers all have a certificate issued by the CA. Yet, I get an error when attempting to use L2TP that indicates that the computer does not have a certificate.
> I read what Sharoon Shetty said about "The certificate.pfx must be installed in personal store and certificate.cer in trusted root CA. If we put certificate.cer in both places, it fails with the error 786." but I cannot find any pfx files anywhere. Am I missing something obvious?
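The store check discussed in this thread, as an added example that is not part of the original posts: it lists each certificate in the Local Computer personal store, reports whether it has a private key, and reports whether its chain ends at a certificate in the Local Computer trusted root store. It assumes PowerShell with the `Cert:` provider, run from an elevated prompt on the VPN client or server; the output column names are chosen here for illustration.

```powershell
# Added example: audit the two Local Computer stores named in the thread.
# Personal store  = Cert:\LocalMachine\My   (machine certificate, needs a private key)
# Trusted roots   = Cert:\LocalMachine\Root (CA certificate, public part only)

$rootThumbprints = (Get-ChildItem -Path Cert:\LocalMachine\Root).Thumbprint

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Build the chain in machine context so the Local Computer stores are used.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # keep the check offline
    $chainBuilds = $chain.Build($cert)

    # The last chain element is the top of the chain that could be built.
    $top = $null
    if ($chain.ChainElements.Count -gt 0) {
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    }

    # A certificate in the personal store without a private key is the
    # ".cer in both places" situation quoted above.
    $note = ''
    if (-not $cert.HasPrivateKey) {
        $note = 'No private key: not usable as a machine certificate'
    } elseif (-not $chainBuilds) {
        $note = 'Chain does not validate: check that the CA certificate is in Trusted Root'
    }

    [pscustomobject]@{
        Subject          = $cert.Subject
        Issuer           = $cert.Issuer
        NotAfter         = $cert.NotAfter
        HasPrivateKey    = $cert.HasPrivateKey
        EnhancedKeyUsage = ($cert.EnhancedKeyUsageList.FriendlyName -join ', ')
        ChainBuilds      = $chainBuilds
        ChainStatus      = ($chain.ChainStatus.Status -join ', ')
        TopOfChainInRoot = ($null -ne $top) -and ($rootThumbprints -contains $top.Thumbprint)
        Note             = $note
    }
} | Format-List
```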